Howard and Quanah,
I think I understand what you have said to me, but I still do not understand the reason my ldif doesn't work. Thankfully my environment is a test environment. I have another test environment that has a difference from the first: I modified the first environment's database to an mdb database, while the second is a default installation where the database is hdb (default).
In the second environment, I can modify olcTLSCertificateFile, olcTLSCertificateKeyFile and olcTLSCACertificateFile normally. To modify the first environment:
1. I stopped the slapd service;
2. I got the olc configuration from the slapcat -n 0 command, like: slapcat -n 0 > config.ldif;
3. I added olcModuleLoad back_mdb on dn: cn=module{0},cn=config (I verified the olcModulePath and /usr/lib64);
4. I modified on dn: olcDatabase={2}hdb,cn=config the following attributes:
   - dn: olcDatabase={2}hdb,cn=config to dn: olcDatabase={2}mdb,cn=config
   - objectClass: olcHdbConfig to objectClass: olcMdbConfig
   - olcDatabase: {2}hdb to olcDatabase: {2}mdb
   - structuralObjectClass: olcHdbConfig to structuralObjectClass: olcMdbConfig
   - And finally, I ran these two commands:
     - cat config.ldif | slapadd -v -F /etc/openldap/slapd.d -n 0
     - chown -R /etc/openldap/slapd.d (to solve the owner problem after running this command as root)
Note: I've mounted the environment on CentOS 7, added Symas' repository and installed from yum.
Is it possible I have done something wrong in the conversion process?
-- Igor Sousa
On Thu, Jul 11, 2019 at 22:56, Howard Chu hyc@symas.com wrote:
Quanah Gibson-Mount wrote:
--On Thursday, July 11, 2019 5:29 PM -0300 Igor Sousa <igorvolt@gmail.com> wrote:
I've tested your suggestion and the delete operation has worked fine, but I've still had the same problem described previously when I've tried to add a new olcTLSCertificateFile or a new olcTLSCertificateKeyFile or a new olcTLSCACertificateFile. I don't understand the reason for that.
You're likely hitting ITS#8286 with the replace operations. Another
idea may be to change replace to a delete+add in the same operation
sequence.
https://www.openldap.org/its/index.cgi/?findid=8286
The details in the ITS aren't as flushed out as they probably should be,
but if a configuration element is missing an EQUALITY matching rule, then you generally
cannot use a replace OP on them.
That's not correct. A replace op always works. It is only [Delete/Add] value that requires an equality rule.
--
  -- Howard Chu
  CTO, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/